Just make sure that the MacPass implementation of that HTTPconnector isn't listening on 0.0.0.0 by default.
Some implementations do and it has been patched in the main repo but didn't make it out to all users. Communication from KeePass/MacPass to the browser is just over http as the name suggests so passwords are sent in plain text and can be sniffed over the network.
If it's confined to localhost then you're fine as it's as secure as not having a compromised device in the first place.
Some implementations do and it has been patched in the main repo but didn't make it out to all users. Communication from KeePass/MacPass to the browser is just over http as the name suggests so passwords are sent in plain text and can be sniffed over the network.
If it's confined to localhost then you're fine as it's as secure as not having a compromised device in the first place.